Kartik Agaram
eyal
12/26/2021, 7:21 AMKartik Agaram
eyal
12/26/2021, 7:41 AMKartik Agaram
eyal
12/26/2021, 8:17 AMKartik Agaram
Mariano Guerra
Kartik Agaram
eyal
12/27/2021, 6:24 AMKartik Agaram
eyal
12/27/2021, 7:58 AMKartik Agaram
Kartik Agaram
conn:dohandshake()
. I'm not really supporting people in rolling their own crypto at the Lua level.
https://man7.org/linux/man-pages/man2/socket.2.html shows a whole plethora of protocol families ("communication domains") that have been forbidding to me in the past. Looking at them now, though, that's an orthogonal axis that is irrelevant to privileges. The important thing is what address a program connects to, independent of protocol.
So you're right. The right API doesn't preclude new protocols. At least at the OSI level 7 in any protocol families we can anticipate today.Tom Larkworthy
12/28/2021, 6:19 PMTom Larkworthy
12/28/2021, 6:20 PMTom Larkworthy
12/28/2021, 6:20 PMTom Larkworthy
12/28/2021, 6:25 PMKartik Agaram
daltonb
12/28/2021, 10:32 PMeyal
12/29/2021, 6:54 AMTom Larkworthy
12/29/2021, 8:03 AMProgramming languages assume all code they run is trustworthy.with crusty old Java, and it does not work in practice! And my follow up was to show where the SOTA currently is. Maybe programming language is the wrong place to do permissions, maybe something a level above programming language is correct (the networking/API layer/Gateway level) because you can then do organization policies in a language independant way? For Java security model to work, you have to enforce it at an organizational level, and why special case Java? Better to apply permissions policies at hardware/network level, especially in a distributed systems world?
Tom Larkworthy
12/29/2021, 8:05 AM